CVE-2020-26063: Improper Privilege Management in Cisco Unified Computing System

Severity
5.4 MEDIUM (NVD)
EPSS
0.3%
top 50.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 18

Description

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected sy

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages: 1 package

CVEListV5: cisco/cisco_unified_computing_system, 43 versions

🔴 Vulnerability Details (2)

CVEList
Cisco Integrated Management Controller Software Authorization Bypass Vulnerability (2024-11-18)
GHSA
GHSA-23p9-75pp-2wv4: A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization a (2024-11-18)

📋 Vendor Advisories (1)

Cisco
Cisco Integrated Management Controller Authorization Bypass Vulnerability (2020-11-04)